Summary
Detail | | | |
---|---|---|---|
Vendor | Libpng | First view | 2014-01-12 |
Product | Libpng | Last view | 2019-07-10 |
Version | 1.5.23 | Type | Application |
Update | * | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:a:libpng:libpng | | |
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
9.8 | 2019-07-10 | CVE-2017-12652 | libpng before 1.6.32 does not properly check the length of chunks against the user limit. |
5.3 | 2019-02-04 | CVE-2019-7317 | png_image_free in png.c in libpng 1.6.x before 1.6.37 has a use-after-free because png_image_free_function is called under png_safe_execute. |
7.5 | 2017-01-30 | CVE-2016-10087 | The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer dereference via vectors involving loading a text chunk into a png structure, removing the text, and then adding another text chunk to the structure. |
7.8 | 2016-07-10 | CVE-2016-3751 | Unspecified vulnerability in libpng before 1.6.20, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01, allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23265085. |
8.8 | 2016-04-14 | CVE-2015-8540 | Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read. |
7.3 | 2016-01-21 | CVE-2015-8472 | Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8126. |
7.5 | 2015-11-12 | CVE-2015-8126 | Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. |
5 | 2014-01-12 | CVE-2013-6954 | The png_do_expand_palette function in libpng before 1.6.8 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via (1) a PLTE chunk of zero bytes or (2) a NULL palette, related to pngrtran.c and pngset.c. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
16% (1) | CWE-476 | NULL Pointer Dereference |
16% (1) | CWE-416 | Use After Free |
16% (1) | CWE-189 | Numeric Errors |
16% (1) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |
16% (1) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
16% (1) | CWE-20 | Improper Input Validation |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2017-07-17 | Name: The remote Fedora host is missing a security update. File: fedora_2017-1d305fa070.nasl - Type: ACT_GATHER_INFO |
2017-04-18 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-477.nasl - Type: ACT_GATHER_INFO |
2017-04-17 | Name: The remote Fedora host is missing a security update. File: fedora_2017-84bc8ac268.nasl - Type: ACT_GATHER_INFO |
2017-04-17 | Name: The remote Fedora host is missing a security update. File: fedora_2017-bad9942e42.nasl - Type: ACT_GATHER_INFO |
2017-04-13 | Name: The remote Fedora host is missing a security update. File: fedora_2017-66fd940572.nasl - Type: ACT_GATHER_INFO |
2017-04-13 | Name: The remote Fedora host is missing a security update. File: fedora_2017-cf1944f480.nasl - Type: ACT_GATHER_INFO |
2017-04-07 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-0950-1.nasl - Type: ACT_GATHER_INFO |
2017-04-06 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-441.nasl - Type: ACT_GATHER_INFO |
2017-04-06 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2017-443.nasl - Type: ACT_GATHER_INFO |
2017-04-03 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-0901-1.nasl - Type: ACT_GATHER_INFO |
2017-03-30 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-0853-1.nasl - Type: ACT_GATHER_INFO |
2017-03-30 | Name: The remote SUSE host is missing one or more security updates. File: suse_SU-2017-0860-1.nasl - Type: ACT_GATHER_INFO |
2017-01-30 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201701-74.nasl - Type: ACT_GATHER_INFO |
2017-01-10 | Name: The remote Fedora host is missing a security update. File: fedora_2016-1a7e14d084.nasl - Type: ACT_GATHER_INFO |
2017-01-10 | Name: The remote Fedora host is missing a security update. File: fedora_2016-a4b06a036b.nasl - Type: ACT_GATHER_INFO |
2017-01-03 | Name: The remote Slackware host is missing a security update. File: Slackware_SSA_2016-365-01.nasl - Type: ACT_GATHER_INFO |
2016-11-15 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201611-08.nasl - Type: ACT_GATHER_INFO |
2016-10-31 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-1243.nasl - Type: ACT_GATHER_INFO |
2016-08-02 | Name: The remote Debian host is missing a security update. File: debian_DLA-375-1.nasl - Type: ACT_GATHER_INFO |
2016-07-19 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2016-1430.nasl - Type: ACT_GATHER_INFO |
2016-06-23 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-754.nasl - Type: ACT_GATHER_INFO |
2016-06-02 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL76930736.nasl - Type: ACT_GATHER_INFO |
2016-05-26 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL81903701.nasl - Type: ACT_GATHER_INFO |
2016-03-23 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2016-664.nasl - Type: ACT_GATHER_INFO |
2016-03-22 | Name: The remote Mac OS X host is affected by multiple vulnerabilities. File: macosx_10_11_4.nasl - Type: ACT_GATHER_INFO |